Our Tech Strategy: Implementing an API Gateway for Toshikiso
Just want to give an update: after review, we decided to build out our own global API gateway for Toshikiso versus dealing with cloud-based gateways like Google Apigee and Azure APIM. The reason is cost – we were testing these cloud services and the billing invoice was quite expensive for us or any brand-new startup. We didn’t want to spend that kind of money out of the gate.
In this article, I want to share what an API Gateway is and why you are going to need it in your information system workflow. Also, this is what my team and I have been working on for the past few weeks after we realized this component needs to be in-house and managed internally, because it is a critical component of our strategy for developing a global urban-based API service for urban solutions around the world at a global scale. We completed it, and now Toshikiso is definitely done and powerful enough to green light – we are just doing some polishing, but the platform is built, ready and working.
What is an API Gateway?
An API gateway is literally a “digital gate” between the raw traffic coming into your system and the backend services that process API calls. Think of a firewall that filters traffic coming into and out of your network: the firewall is a gateway. An API gateway sits between the applications calling your API and your actual APIs. BTW, the diagram above from Tibco is wrong – your database and system of record should never be part of the API Gateway – they hide behind the microservice, communicate with it directly, and are never exposed to outside traffic.
Never Hit Your APIs Directly
Mobile apps, websites, software – these client devices should not be posting directly to your APIs. You should set up a gateway to perform filtering and routing before anything touches your APIs. I know a lot of so-called tech entrepreneurs that have raw direct access to their APIs and you can read the traffic from a packet sniffer. This is the kind of stuff that results in hacking and denial of service, because the hackers know the exact location of the company’s API and hit it.
A lot of mobile developers create direct calls to APIs but you know how they go down? The cloud provider shuts down their APIs, as Amazon did to the Parler social media app – the whole platform shut down because they hosted everything on Amazon and Amazon cut off their water. I discussed this before: you need to have a flexible global empire, especially as a Black entrepreneur that doesn’t subscribe to the liberal doctrine that all Blacks must be downtrodden as a grievance race to vote Democrat every election. Trust me, those liberals are trying to shut down young, gifted, and Black and cancel them to prop up mediocre folks. That’s why you have to be nimble and diverse and big scale as Black Excellence when you make moves.
Our API Gateway Described
We designed and built our API Gateway for the Toshikiso API, like most gateways, to fulfill the following purposes. Please read and understand them, because you need to know this stuff.
Routing. Our gateways are designed to route a call to our APIs hosted all around the world. If the West Side of Chicago API center goes down, we can quickly route API calls to our Calgary, Canada API center. We can host API hubs on cheap GoDaddy/HostGator web hosting for $4/month or a major cloud provider for $200/month and scale out by routing traffic intelligently. This is how we will grow around the world, having hubs in Africa, Asia, Latin America, North America, and Europe.
Caching. We use Redis NoSQL for caching which is easy to set up. The API gateway can check if the parameters match a previous API call and instead of going to the database to look up, we can quickly return the existing search result from an in-memory cache for a quicker response. This reduces the incidents where servers crash because of too many people logging in when something popular is searched at one time like an NFT collection drop event.
Security. The gateway authenticates the caller of the API and determines whether the request is valid before routing it to the backend APIs. If the credentials are wrong, your APIs are never exposed, and they stay focused on receiving and processing only valid API calls.
Logging. The incoming and outgoing requests are recorded. If you have seen those sci-fi movies with scrolling lines of code on computer screens, those are designed like log files that report on traffic. We will see in real time how fast calls are returned, or whether calls failed due to a network outage or errors, and be able to respond. We are already fitting out a monitoring center - that is why we need to manage our own gateways, so we can be first responders.
Billing. Like other API and cloud services – we charge per API call to our system. We just read the logs from the gateway and convert them to an invoice item that we send to the customer to pay on a monthly billing cycle. Dream and Hustle Early Adopters will have invoices zeroed out indefinitely until I feel like charging them, but we will make our billing dollars around the world from this payment model.
As you see, an API gateway is a critical component that filters calls and scales your calls out. It is important for you to understand this. The problem we had, again, was the cost of the cloud services, which can be hundreds of dollars per month and, if traffic gets busy, can easily move into thousands or tens of thousands per month.
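The routing, caching, security, logging and billing steps above, shown as an added Python example that is not Toshikiso's own code. The demo key, customer id, hub names and the in-memory dict standing in for Redis are assumptions made for illustration.

```python
import hashlib, hmac, json, time
from collections import Counter

# Constructed sample data (assumptions): demo key, customer id and hub names.
API_KEYS = {hashlib.sha256(b"demo-key-123").hexdigest(): "customer-a"}  # store hashes, not raw keys
HUBS = ["chicago", "calgary"]          # ordered by routing preference
CACHE, LOG = {}, []                    # dict stands in for Redis; list for the log sink
CACHE_TTL = 30                         # seconds a cached result stays valid

def authenticate(api_key):
    """Return the customer id for a valid key, else None (constant-time compare)."""
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    for stored, customer in API_KEYS.items():
        if hmac.compare_digest(stored, digest):
            return customer
    return None

def cache_key(path, params):
    """Key on path plus sorted params so equivalent calls share one entry."""
    blob = json.dumps([path, sorted(params.items())])
    return hashlib.sha256(blob.encode()).hexdigest()

def handle(api_key, path, params, backends, now=None):
    """Authenticate first, then check the cache, then route with failover."""
    now = time.time() if now is None else now
    customer = authenticate(api_key)
    if customer is None:               # rejected before cache or backend is touched
        LOG.append({"customer": None, "path": path, "status": 401, "hub": None})
        return 401, None
    key = cache_key(path, params)
    hit = CACHE.get(key)
    if hit and now - hit[0] < CACHE_TTL:
        LOG.append({"customer": customer, "path": path, "status": 200, "hub": "cache"})
        return 200, hit[1]
    for hub in HUBS:                   # try hubs in order, skipping any that are down
        try:
            body = backends[hub](path, params)
        except ConnectionError:
            continue
        CACHE[key] = (now, body)
        LOG.append({"customer": customer, "path": path, "status": 200, "hub": hub})
        return 200, body
    LOG.append({"customer": customer, "path": path, "status": 503, "hub": None})
    return 503, None

def billable_calls(log):
    """Count successful calls per customer, the input to a per-call invoice."""
    return dict(Counter(e["customer"] for e in log if e["status"] == 200))
```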
What Kind of Solutions Need an API Gateway?
In the digital age, almost all business models need a gateway. If you are going to run a central digital platform for a retail operation, you want to make sure you route data from the right self-checkout touchpoint to record what item has just been scanned. If the whole system goes down, the merchant can just reconfigure to one of your alternative gateway URL addresses to continue doing business.
If you are running software on a mobile app or website, you want to have a gateway to your service so you don’t get slammed with heavy traffic, or, as in the case where AWS went down and caused a cryptocurrency exchange to shut down, so you have a backup plan to reroute to an alternative hub or provider.
But here is the main reason – backend maintenance. See, you don’t know if the APIs in the back end are on Microsoft or Linux, and we can switch that any time. We can update APIs by slowly introducing the updates on the backend of one hub to test and, if it works, migrating the updates to all hubs – this is called canary releases. We can even outsource the APIs to be processed by a third party; all the caller knows is the gateway URLs. This allows us true flexibility.
Now You Know How We Going to Move
As you see, we are not going to deal with these cloud-based API gateways because the prices can really stunt a startup’s growth. We built out our own API gateways so we can position gateways around the world to use our services. And we have the flexibility to route API calls on the backend and make it look like we got it under control even if 30% of our backend systems went down in one location.
If you are a provider or are building an application that needs to look at data online, make sure you build an API gateway into your solution to route all of your calls; never have clients call your APIs directly. Make yourself flexible with global hubs that can back each other up and scale your hustle up to be a true Black Excellence world-class mogul, not some of these cornball Black content sites still posting up clickbait headlines – let’s do better and go higher.